Security post-mortem report: CustomTumblers.us

The following report has been submitted to my main live journal, the journal to the blog and this blog. The network wants to be transparent in the security of our sites, and we were made of a potential issue which turns out to be a false report, but one which we looked in to. Below, please find the report, and please contact the network with further questions using the contact information at the end of the report.


On December 21, 2020: an email caught my attention that sounded a little alarming.

The email said:

Hi Jared. Can you please check and make sure I have a valid certificate for customtumblers.us.

I signed up for a free thing that can help me with things to know on my website and it says I don’t. It says I have no valid security certificate. I don’t know how to look.

Thank you

I’ve removed the name of the customer to protect their identity, and I promptly responded to the customer. I advised them that certificates for the domain in question were installed, how to access the area in question, told them to take a look and have them report back to me.

At 8:40 am, I got the following question:

Ok thank you. Are you also saying they are installed?

The short answer is yes. The control panel in question looks for new domains and gets what is called a domain validated certificate and installs that. At 10:01, the customer wrote:

It’s there.  I’ll write back to the company and see what they say.  Weird!

There was a little more discussion with a question on who the provider was that was recently installed. Earlier this afternoon, I was advised that the provider service is DIIB which has services for search engine optimization, web site analysis, works with over 100 different platforms including wordpress, shopify, and more as well as a scanner to scan web sites for security alerts. It looks to have a free plan for one site, but the professional plan is $30 and allows you to have 30 web sites monitored.

In no way is the Jared Rimer Network blaming DIIB for this mistake, I bet it can happen to anyone. I’m hoping that the issue will be promptly resolved and that the network and this web site and other sites that belong to it are as covered as they can be in today’s environment.

Should you have any questions about any of the sites, please go to the Jared Rimer Network web site and fill out a form and ask questions.

While the report given by the provider here was negative, I bet this isn’t the first one, and it won’t be the last. I’m glad that the customer here reached out to verify things were as secure as possible, just in case.

This domain did have some issues to start with, but were resolved within a week after being created. We set up the account July 24th of this year. The Jared Rimer Network does not believe the account is in any jeopardy.

Contact:
Jared Rimer
The Jared Rimer Network
Contact: 804-442-6975 for voice and text
Email: Please use the contact form on the web site
imessage: please use the tech address for the tech podcast tech at menvi.org (remove spaces and add appropriate punctuation)

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.